Our cookie policy in brief

A cookie (or similar technology) allows us to distinguish you from other users of our site and recognises your preferences, provides personalised content, security and enables our site to function more efficiently. This helps us to give you the best possible experience when you browse, and also allows us to make our site better for you. We use session and persistent cookies, which are stored on your computer or electronic device unless you object (see below). Session cookies are cookies that expire at the end of your browsing session whereas persistent cookies are stored on your device in-between sessions.

Our full cookie policy

Types of cookies

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or electronic device unless you object (see below). Our website starlingbank.com (“our site”) and each of its web pages and subdomains (including www.starlingbank.com, help.starlingbank.com, settleup.starlingbank.com and app.starlingbank.com) uses two types of cookies: first and third party cookies. First party cookies are cookies set by us, compared to third party cookies which are set by someone other than us and which collects information about you which may be sent to the third party.

The categories of cookies hosted on our site are known as:

  • essential/necessary cookies for running the website. These cookies help you to access our site and each of its web pages and subdomains, by enabling basic functions like cookie consent. These are essential to the web pages and sub domains’ functionality and cannot be disabled by you; and

  • non-essential cookies including analytical/performance, functionality and targeting cookies. These cookies collect anonymous statistics to enable us to improve our site and each of its pages and subdomains; provide you with full functionality of our site; and third party cookies to collect and build a profile of your interest and show you relevant advertisements on other websites. These types of cookies do not store personal information in itself but are based on a unique identification in your browser and devices which could identify you if combined with other relevant data (see below for more information about third party cookies). These cookies will not be set without your permission.

Our online banking website (app.starlingbank.com) only uses essential/necessary cookies.

The table below explains the cookies we use and why.

Essential cookies

StarlingBankCookiePreferences

Provider

Starling Bank

Purpose

Stores the user’s cookie consent state.

Expiration

90 days

m

Provider

Stripe

Purpose

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

Expiration

2 years

__stripe_mid

Provider

Stripe

Purpose

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

Expiration

1 year

__stripe_sid

Provider

Stripe

Purpose

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

Expiration

30 minutes

private_machine_identifier

Provider

Stripe

Purpose

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

Expiration

1 year

stripe.csrf

Provider

Stripe

Purpose

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

Expiration

Session

Provider

Purpose

Expiration

StarlingBankCookiePreferences

Starling Bank

Stores the user’s cookie consent state.

90 days

m

Stripe

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

2 years

__stripe_mid

Stripe

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

1 year

__stripe_sid

Stripe

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

30 minutes

private_machine_identifier

Stripe

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

1 year

stripe.csrf

Stripe

Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.

Session

Analytical cookies

_ga

Provider

Google

Purpose

Used to distinguish users.

Expiration

2 years

_gid

Provider

Google

Purpose

Used to distinguish users.

Expiration

24 hours

_gat

Provider

Google

Purpose

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm_<property-id>.

Expiration

1 minute

_ga_<container-id>

Provider

Google

Purpose

Used to persist session state.

Expiration

2 years

_gac_gb_<container-id>

Provider

Google

Purpose

Contains campaign related information.

Expiration

90 days

AMP_TOKEN

Provider

Google

Purpose

Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.

Expiration

30 seconds to 1 year

_gac_<property-id>

Provider

Google

Purpose

Contains campaign related information for the user.

Expiration

90 days

_gaexp

Provider

Google

Purpose

Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.

Expiration

Depends on the length of the experiment, but typically 90 days.

_opt_utmc

Provider

Google

Purpose

Stores the last utm_campaign query parameter.

Expiration

24 hours

_opt_expid

Provider

Google

Purpose

This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.

Expiration

10 seconds

marketingAttributionUid

Provider

Starling Bank

Purpose

Used to distinguish users

Expiration

Session

query

Provider

Starling Bank

Purpose

Stores referral information from campaigns.

Expiration

Session

Provider

Purpose

Expiration

_ga

Google

Used to distinguish users.

2 years

_gid

Google

Used to distinguish users.

24 hours

_gat

Google

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm_<property-id>.

1 minute

_ga_<container-id>

Google

Used to persist session state.

2 years

_gac_gb_<container-id>

Google

Contains campaign related information.

90 days

AMP_TOKEN

Google

Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.

30 seconds to 1 year

_gac_<property-id>

Google

Contains campaign related information for the user.

90 days

_gaexp

Google

Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.

Depends on the length of the experiment, but typically 90 days.

_opt_utmc

Google

Stores the last utm_campaign query parameter.

24 hours

_opt_expid

Google

This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.

10 seconds

marketingAttributionUid

Starling Bank

Used to distinguish users

Session

query

Starling Bank

Stores referral information from campaigns.

Session

Functional cookies

yt-remote-cast-installed

Provider

youtube-nocookie.com

Purpose

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Expiration

Session

yt-remote-connected-devices

Provider

youtube-nocookie.com

Purpose

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Expiration

Persistent

yt-remote-device-id

Provider

youtube-nocookie.com

Purpose

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Expiration

Persistent

yt-remote-fast-check-period

Provider

youtube-nocookie.com

Purpose

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Expiration

Session

yt-remote-session-app

Provider

youtube-nocookie.com

Purpose

Used to send data to Google Analytics about the visitor’s device and behaviour.

Expiration

Session

yt-remote-session-name

Provider

youtube-nocookie.com

Purpose

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Expiration

Session

yt-player-headers-readable

Provider

youtube-nocookie.com

Purpose

Stores the user’s video player preferences using embedded YouTube video.

Expiration

17 days

yt.innertube::requests

Provider

youtube-nocookie.com

Purpose

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Expiration

Persistent

yt.innertube::nextId

Provider

youtube-nocookie.com

Purpose

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Expiration

Persistent

yt-player-bandwidth

Provider

youtube-nocookie.com

Purpose

To provide bandwidth estimations.

Expiration

Session

yt-remote-cast-available

Provider

youtube-nocookie.com

Purpose

Stores the user’s video player preferences using embedded YouTube video.

Expiration

Persistent

OptanonAlertBoxClosed

Provider

Trustpilot

Purpose

This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user.

Expiration

1 year

OptanonConsent

Provider

Trustpilot

Purpose

This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given.

Expiration

1 year

__RequestVerificationToken

Provider

Trustpilot

Purpose

This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.

Expiration

Session

_csrf

Provider

Trustpilot

Purpose

This period shows the length of the period at which a service can store and/or read certain data from your computer by using a cookie, a pixel, an API, cookieless tracking, or other resources.

Expiration

Session

Provider

Purpose

Expiration

yt-remote-cast-installed

youtube-nocookie.com

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Session

yt-remote-connected-devices

youtube-nocookie.com

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Persistent

yt-remote-device-id

youtube-nocookie.com

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Persistent

yt-remote-fast-check-period

youtube-nocookie.com

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Session

yt-remote-session-app

youtube-nocookie.com

Used to send data to Google Analytics about the visitor’s device and behaviour.

Session

yt-remote-session-name

youtube-nocookie.com

Stores the user’s video player preferences in HTML local storage using embedded YouTube video.

Session

yt-player-headers-readable

youtube-nocookie.com

Stores the user’s video player preferences using embedded YouTube video.

17 days

yt.innertube::requests

youtube-nocookie.com

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Persistent

yt.innertube::nextId

youtube-nocookie.com

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Persistent

yt-player-bandwidth

youtube-nocookie.com

To provide bandwidth estimations.

Session

yt-remote-cast-available

youtube-nocookie.com

Stores the user’s video player preferences using embedded YouTube video.

Persistent

OptanonAlertBoxClosed

Trustpilot

This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user.

1 year

OptanonConsent

Trustpilot

This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given.

1 year

__RequestVerificationToken

Trustpilot

This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.

Session

_csrf

Trustpilot

This period shows the length of the period at which a service can store and/or read certain data from your computer by using a cookie, a pixel, an API, cookieless tracking, or other resources.

Session

Advertising and targeting cookies

We apply the following advertising and targeting cookies on our website.

__adal_ca

Provider

Adalyser

Purpose

Stores which advertising campaign drove a user to visit

Expiration

6 months

__adal_cw

Provider

Adalyser

Purpose

Tie back conversion events to earlier visits

Expiration

7 days

__adal_id

Provider

Adalyser

Purpose

Uniquely identify a device

Expiration

2 years

__adal_ses

Provider

Adalyser

Purpose

Determines the existence of an active session

Expiration

Session

DSID

Provider

doubleclick.net

Purpose

Used to link user’s activity across devices if they’ve previously signed in to a Google Account on another device.

Expiration

399 days

IDE

Provider

doubleclick.net

Purpose

Used for advertising Google serves across the web on non-Google sites.

Expiration

399 days

RUL

Provider

doubleclick.net

Purpose

Pending.

Expiration

399 days

1P_JAR

Provider

Google

Purpose

undefined

Expiration

1 month

ANID

Provider

Google

Purpose

Used to customize ads on Google properties, like Google Search.

Expiration

1 month

CONSENT

Provider

Google

Purpose

Used to store cookie consent preferences.

Expiration

20 years and 1 month

NID

Provider

Google

Purpose

Used to remember information that changes the way the site behaves or looks, such as your preferred language or the region a user is in.

Expiration

1 month

__Secure-3PAPISID

Provider

Google

Purpose

Used by for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.

Expiration

2 years

__Secure-3PSID

Provider

Google

Purpose

Used by for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.

Expiration

2 years

__Secure-3PSIDCC

Provider

Google

Purpose

Used by for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.

Expiration

2 years

_pinterest_sess

Provider

Pinterest

Purpose

Is the Pinterest login cookie and is used to store a person’s login state within a web browser. It’s updated whenever a person logs in to or out of Pinterest. This cookie contains the person’s Pinterest ID as well as their authentication tokens if the person is logged in to Pinterest.

Expiration

1 year

_pinterest_ct

Provider

Pinterest

Purpose

The equivalent of the _pinterest_sess for our in-app browser. This cookie is set in the person’s in-app browser whenever the person views offsite content, such as a third-party website, from within the Pinterest app.

Expiration

1 year

_pinterest_ct_rt

Provider

Pinterest

Purpose

Set whenever the person visits an advertiser’s site that has the Pinterest Tag installed. This is the only cookie that is conditional. The _pinterest_sess cookie needs to be present for a request to ct.pinterest.com to result in a _pinterest_ct_rt cookie being written.

Expiration

1 year

_epik

Provider

Pinterest

Purpose

Set when a person visits a page from a Pinterest ad. When someone clicks on a Pinterest ad, information is added to the URL to help the Pinterest Tag find a match. The Pinterest Tag caches this information in this cookie.

Expiration

1 year

_derived_epik

Provider

Pinterest

Purpose

Placed when the Pinterest Tag reports a match identified without using cookies, such as through Enhanced Match. The Pinterest Tag caches information to make matching on future pages easier.

Expiration

1 year

_pin_unauth

Provider

Pinterest

Purpose

First-party cookie placed by the Pinterest Tag when we are unable to match the user. It contains a unique UUID to group actions across pages.

Expiration

1 year

_pinterest_ct_ua

Provider

Pinterest

Purpose

The same as _pin_unauth, but as a third-party cookie.

Expiration

1 year

_routing_id

Provider

Pinterest

Purpose

First-party cookie that helps ensure our website users are being directed to the latest version of Pinterest.com.

Expiration

1 year

sc-a-nonce

Provider

Snapchat

Purpose

Used to optimize the advertisements on Snapchat.

Expiration

365 days

sc_at

Provider

Snapchat

Purpose

Used to identify a visitor across multiple domains.

Expiration

365 days

cookie-consent

Provider

TikTok

Purpose

Used to determine whether a visitor has accepted cookies.

Expiration

390 days

passport_csrf_token

Provider

Tiktok

Purpose

Pending.

Expiration

30 days

tt_webid

Provider

TikTok

Purpose

Pending.

Expiration

365 days

tt_webid_v2

Provider

TikTok

Purpose

Pending.

Expiration

365 days

tta_attr_id

Provider

TikTok

Purpose

Pending.

Expiration

365 days

tta_attr_id_mirror

Provider

TikTok

Purpose

Pending

Expiration

365 days

_tt_enable_cookie

Provider

TikTok

Purpose

Used to store tracking with cookie state

Expiration

395 days

_ttp_1st_party

Provider

TikTok

Purpose

Used to distinguish users

Expiration

395 days

EDAAT

Provider

The Trade Desk

Purpose

EDAAT stores a temporary security token used only on EDAA opt out pages like https://www.youronlinechoices.com/.

Expiration

1 hour

TDID

Provider

The Trade Desk

Purpose

Trade Desk ID (TDID) is the main cookie and ID used to recognize web-browser profiles over time across sites.

Expiration

365 days

TDCPM

Provider

The Trade Desk

Purpose

Trade Desk Cookie Partner Mapping (TDCPM) records which partners The Trade Desk has matched IDs with in order to prevent redundant matching calls.

Expiration

365 days

TTDOptOut

Provider

The Trade Desk

Purpose

TTDOptOut stores a static value recording the user’s choice to opt out. It should be exclusive of the other cookies, so The Trade Desk will not have an ID on the browser when the TTDOptOut cookie is present.

Expiration

5 years

TTDOptOutOfDataSale

Provider

The Trade Desk

Purpose

TTDOptOutOfDataSale stores a static value recording the users choice to opt out of the selling of data to third parties.

Expiration

5 years

Provider

Purpose

Expiration

__adal_ca

Adalyser

Stores which advertising campaign drove a user to visit

6 months

__adal_cw

Adalyser

Tie back conversion events to earlier visits

7 days

__adal_id

Adalyser

Uniquely identify a device

2 years

__adal_ses

Adalyser

Determines the existence of an active session

Session

DSID

doubleclick.net

Used to link user’s activity across devices if they’ve previously signed in to a Google Account on another device.

399 days

IDE

doubleclick.net

Used for advertising Google serves across the web on non-Google sites.

399 days

RUL

doubleclick.net

Pending.

399 days

1P_JAR

Google

undefined

1 month

ANID

Google

Used to customize ads on Google properties, like Google Search.

1 month

CONSENT

Google

Used to store cookie consent preferences.

20 years and 1 month

NID

Google

Used to remember information that changes the way the site behaves or looks, such as your preferred language or the region a user is in.

1 month

__Secure-3PAPISID

Google

Used by for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.

2 years

__Secure-3PSID

Google

Used by for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.

2 years

__Secure-3PSIDCC

Google

Used by for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.

2 years

_pinterest_sess

Pinterest

Is the Pinterest login cookie and is used to store a person’s login state within a web browser. It’s updated whenever a person logs in to or out of Pinterest. This cookie contains the person’s Pinterest ID as well as their authentication tokens if the person is logged in to Pinterest.

1 year

_pinterest_ct

Pinterest

The equivalent of the _pinterest_sess for our in-app browser. This cookie is set in the person’s in-app browser whenever the person views offsite content, such as a third-party website, from within the Pinterest app.

1 year

_pinterest_ct_rt

Pinterest

Set whenever the person visits an advertiser’s site that has the Pinterest Tag installed. This is the only cookie that is conditional. The _pinterest_sess cookie needs to be present for a request to ct.pinterest.com to result in a _pinterest_ct_rt cookie being written.

1 year

_epik

Pinterest

Set when a person visits a page from a Pinterest ad. When someone clicks on a Pinterest ad, information is added to the URL to help the Pinterest Tag find a match. The Pinterest Tag caches this information in this cookie.

1 year

_derived_epik

Pinterest

Placed when the Pinterest Tag reports a match identified without using cookies, such as through Enhanced Match. The Pinterest Tag caches information to make matching on future pages easier.

1 year

_pin_unauth

Pinterest

First-party cookie placed by the Pinterest Tag when we are unable to match the user. It contains a unique UUID to group actions across pages.

1 year

_pinterest_ct_ua

Pinterest

The same as _pin_unauth, but as a third-party cookie.

1 year

_routing_id

Pinterest

First-party cookie that helps ensure our website users are being directed to the latest version of Pinterest.com.

1 year

sc-a-nonce

Snapchat

Used to optimize the advertisements on Snapchat.

365 days

sc_at

Snapchat

Used to identify a visitor across multiple domains.

365 days

cookie-consent

TikTok

Used to determine whether a visitor has accepted cookies.

390 days

passport_csrf_token

Tiktok

Pending.

30 days

tt_webid

TikTok

Pending.

365 days

tt_webid_v2

TikTok

Pending.

365 days

tta_attr_id

TikTok

Pending.

365 days

tta_attr_id_mirror

TikTok

Pending

365 days

_tt_enable_cookie

TikTok

Used to store tracking with cookie state

395 days

_ttp_1st_party

TikTok

Used to distinguish users

395 days

EDAAT

The Trade Desk

EDAAT stores a temporary security token used only on EDAA opt out pages like https://www.youronlinechoices.com/.

1 hour

TDID

The Trade Desk

Trade Desk ID (TDID) is the main cookie and ID used to recognize web-browser profiles over time across sites.

365 days

TDCPM

The Trade Desk

Trade Desk Cookie Partner Mapping (TDCPM) records which partners The Trade Desk has matched IDs with in order to prevent redundant matching calls.

365 days

TTDOptOut

The Trade Desk

TTDOptOut stores a static value recording the user’s choice to opt out. It should be exclusive of the other cookies, so The Trade Desk will not have an ID on the browser when the TTDOptOut cookie is present.

5 years

TTDOptOutOfDataSale

The Trade Desk

TTDOptOutOfDataSale stores a static value recording the users choice to opt out of the selling of data to third parties.

5 years

Control these cookies

You can manage your cookie preferences at any time by clicking 'Manage cookies' at the bottom of any page on our website in the footer or by clicking here. Alternatively, you can restrict the use of cookies within your browser, by activating its setting that allows you to refuse all or some cookies. If you have enabled third party persistent cookies on our site before, you will need to visit the third party website to set your privacy choices to decide how your information is used by that third party.

Except for essential/necessary and session cookies, any applicable Starling cookies set by us, with your permission, will expire after 90 days and after this time you will be asked to re-consent to the use of non-essential cookies. Third party and other cookies will expire in accordance with their individual cookie policies.

We may revise this cookie policy at any time by amending this page. Please check it from time to time to take notice of any changes we may make from time to time.

Last full cookie review 24 January 2022

Last updated 14 March 2022

Manage your cookie preferences

Apply for a Starling bank account today and enjoy app-based banking at its best.

Start your application
Help